It's 2021, and we're still reading news of cryptocurrency security breaches.
Last week, news broke of an alleged breach at Indian crypto exchange BuyUCoin. Although the company maintains that only "non-sensitive, dummy data" was revealed, the alleged data dump included three separate archives, dated June 1, July 14, and September 5, 2020.
Also last week, Russian cryptocurrency exchange Livecoin shuttered following an alleged cyberattack.
As interest in cryptocurrencies continues to rise - almost as fast as the value of Bitcoin itself - the ability to hold, store, and transfer digital assets is becoming crucial, especially to those with a significant holding.
One way to avoid breaches is to store your assets in a cold wallet. Another technique to secure your cryptocurrency is to use transactional solutions that do not connect to the internet.
One company, GK8, understands that if a crypto wallet is connected to the internet, it can be hacked. But it is going further than most to ensure even a cold, unconnected wallet solution is as secure as humanly possible.
MPC-based wallets are an interesting and highly secure solution. With an MPC-based wallet, a key is split into shards that are distributed among multiple co-signers.
Usually, MPC solutions are limited to 2-3 co-signers due to performance issues, which still presents security issues. In fact, one of the criticisms of MPC co-signing is the lack of accountability. What if 4 of the other people holding key parts in the MPC wallet decide to steal the money?
"MPC solutions are based on X out of Y co-signers required to send a transaction," Lior Lamesh, GK8 cofounder and CEO, told me. "The total number of co-signers (Y) is typically limited due to performance issues, with X being equal to 2. The 3 co-signers usually consist of the bank, the solution provider, and a backup PC. What this means for hackers is that as long as they break into the solution provider and the backup PC, they can create a signed transaction on behalf of the bank, even without having to break into the bank’s secure environment."
So how has GK8 cracked this tough nut?
"Unlike other MPC solutions, GK8's novel MPC algorithm enables banks to configure themselves as a mandatory co-signer in the cryptographic layer," Lamesh said. "What this means is that even if the cosigners represented by both the solution provider and the backup PC are hacked, the hackers will still have no access to the private key. This is how GK8 solves the accountability problem. That's of course on top of our patented ability to add dozens of cosigners to our MPC, making it exponentially more secure than other solutions based on only 3 co-signers."
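The difference between a plain 2-of-3 threshold and a mandatory co-signer can be modelled with textbook secret sharing. The following is an added example, not GK8's algorithm (which the article does not describe): it uses Shamir sharing plus one additive share for the mandatory party, and the prime, party IDs and function names are constructed for illustration. It models only who can recover the key; a real MPC wallet signs without ever reassembling the key in one place.

```python
import secrets

P = 2**127 - 1  # Mersenne prime used as the toy field (constructed parameter)

def shamir_split(secret, t, ids):
    """Split secret so that any t of the parties in ids can rebuild it."""
    coeffs = [secret % P] + [secrets.randbelow(P) for _ in range(t - 1)]
    return {i: sum(c * pow(i, k, P) for k, c in enumerate(coeffs)) % P for i in ids}

def shamir_reconstruct(shares):
    """Lagrange-interpolate the sharing polynomial at x = 0 from {id: share}."""
    total = 0
    for i, y in shares.items():
        num = den = 1
        for j in shares:
            if j != i:
                num = num * (-j) % P
                den = den * (i - j) % P
        total = (total + y * num * pow(den, -1, P)) % P
    return total

def split_with_mandatory(secret, t, other_ids):
    """Mandatory party holds an additive mask; the rest is t-of-n Shamir-shared."""
    mandatory_share = secrets.randbelow(P)
    remainder = (secret - mandatory_share) % P
    return mandatory_share, shamir_split(remainder, t, other_ids)

def reconstruct_with_mandatory(mandatory_share, other_shares):
    """Key = mandatory share + value rebuilt from t of the other parties."""
    return (mandatory_share + shamir_reconstruct(other_shares)) % P

def collusion_demo():
    """Compromise the provider and the backup PC under both access structures."""
    BANK, PROVIDER, BACKUP = 1, 2, 3  # constructed party IDs
    key = secrets.randbelow(P)
    plain = shamir_split(key, 2, [BANK, PROVIDER, BACKUP])
    stolen_plain = shamir_reconstruct({PROVIDER: plain[PROVIDER], BACKUP: plain[BACKUP]})
    bank_share, others = split_with_mandatory(key, 2, [PROVIDER, BACKUP])
    stolen_mandatory = shamir_reconstruct(others)  # only key - bank_share
    rebuilt = reconstruct_with_mandatory(bank_share, others)
    return key, stolen_plain, stolen_mandatory, bank_share, rebuilt

if __name__ == "__main__":
    k, sp, sm, _, _ = collusion_demo()
    print("2-of-3, provider+backup recover key:", sp == k)
    print("mandatory bank, provider+backup recover key:", sm == k)
```

Without the bank's share, the colluding parties hold only the key masked by a uniformly random value, which reveals nothing about the key itself.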
GK8 claims this to be the world’s most secure crypto custody solution, and it is currently in use at traditional custodians such as Prosegur.
And like others in this field, it is keen to ensure that independent cryptographic assessment and penetration testing providers, such as NCC Group, review its implementation.
"GK8's novel approach was validated by the world-renowned cryptographer Prof. Eran Tromer of Columbia University in New York, who is also the scientist founder of Zcash," Lamesh said. "As part of the validation, our air-gapped Cold Vault solution also passed the most extreme penetration tests conducted by Prof. Mordechai Guri, a leading global expert in side-channel attacks. GK8 holds a SOC 2 Type 2 certification granted by EY, as well as multiple certificates including FIPS 140-2."
As if that wasn't enough, the company also followed another trend in recent years and put its money where its mouth is.
"We offered a $250,000 bounty last year, inviting hackers from all over the world to break into our vault," Lamesh said. And as noted in Hackernoon recently, thousands of hackers attempted to grab the cash, but none have succeeded.
Beyond security, there are other benefits to structuring an MPC-based wallet in this way.
"Multi-Sig solutions are larger in transaction size, and hence more expensive in how much miners are charging for them in fees," Lamesh said. "In MPC, the Multi-Sig is off-chain in the cryptographic layer, hence the fee will be just like a simple transaction because the transaction received by the miner is the basic one after the MPC has taken place off-chain. This can be very important for banks that are making thousands of transactions a day."
With more governments and large organizations taking an interest in cryptocurrency, having truly secure storage and transfer solutions is going to become vitally important, especially with the value of the digital assets currently being held on devices such as those GK8 provides. MPC seems like the most secure solution, but with existing systems being slow and expensive to use, they do have their weaknesses. If GK8's claims hold up, this could be the answer that significant holders of crypto have been looking for.